Skip to main content

Research Repository

Advanced Search

Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare

Barati, Masoud; Aujla, Gagangeet Singh; Llanos, Jose Tomas; Duodu, Kwabena Adu; Rana, Omer F.; Carr, Madeline; Rajan, Rajiv

Authors

Masoud Barati

Gagangeet Singh Aujla

Jose Tomas Llanos

Kwabena Adu Duodu

Omer F. Rana

Madeline Carr

Rajiv Rajan



Abstract

Emerging multi-tenant cloud computing ecosystems allow multiple applications to share virtualised pool of computing and networking resources. As a result such ecosystems are becoming increasingly prone to data privacy concerns (personal data leakages and unauthorised access). While cloud computing providers support robust security and privacy mechanisms (e.g, public key cryptography, firewalls, virtual private networks, among many others), they lack mechanisms and frameworks to monitor, audit and verify these data privacy concerns. The emergence of data protection regulations around the world, such as General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, further emphasise the need to overcome these privacy limitations. A novel technique for monitoring, auditing and verifying the operations carried out on a users personal data in cloud computing ecosystems is proposed. Our research methodology leverages distributed ledger technologies (e.g., Blockchain, Smart Contracts) for developing an immutable recording technique, which transparently logs, monitors and verifies the operations carried out on user data. Using a healthcare pharmacy scenario and extensive real-world experiments, we validate the feasibility of the proposed technique. The proposed work handles a large pool of requests (> 13K) ensuring minimal latency (approx. 50-60 ms) and overheads for three different service packages varied with respect to the number of actors and operations).

Citation

Barati, M., Aujla, G. S., Llanos, J. T., Duodu, K. A., Rana, O. F., Carr, M., & Rajan, R. (2022). Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare. IEEE Transactions on Industrial Informatics, 18(7), 4808-4819. https://doi.org/10.1109/tii.2021.3100152

Journal Article Type Article
Acceptance Date Jul 22, 2021
Online Publication Date Jul 27, 2021
Publication Date 2022-07
Deposit Date Jul 28, 2021
Journal IEEE Transactions on Industrial Informatics
Print ISSN 1551-3203
Electronic ISSN 1941-0050
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
Volume 18
Issue 7
Pages 4808-4819
DOI https://doi.org/10.1109/tii.2021.3100152
Keywords blockchain, container-based monitoring, data privacy, healthcare, smart contracts
Public URL http://researchrepository.napier.ac.uk/Output/2789778